The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.
Max CVSS
5.5
EPSS Score
0.16%
Published
2016-12-23
Updated
2016-12-24
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
Max CVSS
5.5
EPSS Score
0.13%
Published
2016-12-23
Updated
2017-01-03
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.
Max CVSS
5.5
EPSS Score
0.14%
Published
2016-12-23
Updated
2017-07-01
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
Max CVSS
5.5
EPSS Score
0.28%
Published
2016-12-23
Updated
2017-07-01
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.
Max CVSS
5.5
EPSS Score
0.28%
Published
2016-12-23
Updated
2017-07-01
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
Max CVSS
5.5
EPSS Score
0.08%
Published
2016-12-23
Updated
2017-07-01
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.
Max CVSS
7.8
EPSS Score
0.11%
Published
2016-12-23
Updated
2017-07-01
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.
Max CVSS
7.8
EPSS Score
0.11%
Published
2016-12-23
Updated
2017-07-01
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.
Max CVSS
5.5
EPSS Score
0.10%
Published
2016-12-23
Updated
2017-07-01
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.
Max CVSS
5.5
EPSS Score
0.10%
Published
2016-12-23
Updated
2016-12-24
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.
Max CVSS
7.8
EPSS Score
0.60%
Published
2016-12-23
Updated
2016-12-24
11 vulnerabilities found